So I believe this happening to facebook boost ect as well.

API Vulnerabilities - WhiteHat SecurityAPIs have also notoriously been difficult to test. Traditional automated scanners have a very difficult time finding vulnerabilities in an API since there’s no navigation to an API. Scanners see a website and find the links within a page to properly spider the entire application. Since the API requests are built, there’s nothing to navigate. I submit a link and I get data back. There are almost never links contained within the responses. This is where a typical dynamic scanner will fail. How can i check for API vulnerabilities? cryptocurrency?